package com.aloda.interceptor;

import com.aloda.constant.UserConstant;
import com.aloda.pojo.dto.UserSafetyDTO;
import com.aloda.utils.UserHolder;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 权限校验拦截器
 */
public class AuthCheckInterceptor extends HandlerInterceptorAdapter {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 这里先对options请求进行处理，避免预检请求无session直接返回错误
        String method = request.getMethod();
        if ("OPTIONS".equals(method)) {
            return true;
        }
        UserSafetyDTO user = UserHolder.getUser();
        // 不是管理员无法访问拦截路径下的资源
        if (UserConstant.USER_USER.equals(user.getRole())) {
            response.setStatus(403);
            return true;
        }
        return true;
    }
}
